SQL注入 SQL Injection

SQL Injection Attacks and Defense

Second Edition

Justin Clarke

Table of Contents

Cover image

Title page

Copyright

Acknowledgements

Understanding How Web Applications Work

Understanding SQL Injection

Understanding How It Happens

Summary

Solutions Fast Track

Chapter 2. Testing for SQL Injection

Introduction

Finding SQL Injection

Confirming SQL Injection

Automating SQL Injection Discovery

Summary

Solutions fast track

Chapter 4. Exploiting SQL injection

Introduction

Understanding common exploit techniques

Identifying the database

Extracting data through UNION statements

Using conditional statements

Enumerating the database schema

Injecting into “INSERT” queries

Escalating privileges

Stealing the password hashes

Out-of-band communication

SQL injection on mobile devices

Automating SQL injection exploitation

Summary

Using Alternative Channels

Summary

Solutions fast track

Chapter 6. Exploiting the operating system

Introduction

Accessing the file system

Executing operating system commands

Consolidating access

Summary

Solutions fast track

References

Chapter 7. Advanced topics

Introduction

Evading input filters

Exploiting second-order SQL injection

Domain Driven Security

Using parameterized statements

Validating input

Encoding output

Canonicalization

Design Techniques to Avoid the Dangers of SQL Injection

Summary

Solutions fast track

Chapter 9. Platform level defenses

Introduction